CVE-2021-33211

2021-07-1413:48:26

mitre

www.cve.org

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.2%

JSON

A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.

References

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-021.txt

www.syss.de/pentest-blog/